Legal claims defining the scope of protection, as filed with the USPTO.
1. A system comprising: an internal authentication system server communicatively and physically coupled with a first network; and an authentication front-end implemented on a machine communicatively and physically coupled to the first network and a second network, and the authentication front-end configured to: receive a security credentials from an external machine via the second network; query the internal authentication system via the first network to determine risk of lockout upon failure to authenticate the security credential; if no risk of lockout, forward the security credentials to the internal authentication system to attempt to authenticate the external machine; and if risk of lockout, return an authentication error to the external machine without forwarding the security credential to the internal authentication system.
2. The system of claim 1, wherein the second network is the Internet.
3. The system of claim 1, wherein the first network is an intranet.
4. The system of claim 1, wherein the internal authentication system server is configured to provides Microsoft Active Directory type services to facilitate said querying the internal authentication system for risk of lockout.
5. The system of claim 1, wherein said query further comprises a query of the internal authentication system for a number of invalid authentication attempts left before the security credential locks out.
6. An apparatus comprising: an interface configured to receive a security credential from an external machine; a processor communicatively and physically coupled to the interface and an internal authentication system; and an authentication front-end configured to be operated by the processor to: receive the security credential of the external machine from the interface; query the internal authentication system to determine risk of lockout upon failure to authenticate the security credential; if no risk of lockout, forward the security credential to the internal authentication system to attempt to authenticate the external machine; and if risk of lockout, return an authentication error to the external machine without forwarding the security credential to the internal authentication system.
7. The apparatus of claim 6, wherein the interface is communicatively and physically coupled to the Internet.
8. The apparatus of claim 6, wherein the authentication front-end and the internal authentication system are communicatively and physically coupled to an intranet.
9. The apparatus of claim 6, wherein the authentication front-end is further configured to query the internal authentication system for a number of invalid authentication attempts left before the security credential locks out.
10. The apparatus of claim 6, wherein the authentication front-end is further configured to receive a response from the internal authentication system for the said query.
11. The apparatus of claim 10, wherein the authentication front-end is further configured to determine the risk of lockout based on the response from the internal authentication system.
12. A method comprising: receiving, by an interface communicatively and physically coupled to a first network, a security credential from an external machine via the first network; sending, by an authentication front-end operating on a machine communicatively and physically coupled to the interface and an internal authentication system, a query to the internal authentication system to determine risk of lockout upon failure to authenticate the security credential; if no risk of lockout, forwarding, by the authentication front-end, the security credential to the internal authentication system to attempt to authenticate the external machine; and if risk of lockout, returning, by the authentication front-end, an authentication error to the external machine without forwarding the security credential to the internal authentication system.
13. The method of claim 12, wherein the first network is the Internet.
14. The method of claim 12, wherein the internal authentication system is communicatively and physically coupled to an intranet.
15. The method of claim 12, wherein said query comprises, a query of the internal authentication system for a number of invalid authentication attempts left before the security credential locks out.
16. The method of claim 12, further comprising receiving, by the authentication front-end, a response from the internal authentication system for said query.
17. The method of claim 16, wherein said determine further comprises determine the risk of lockout based on the response from the internal authentication system.
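The query-then-forward flow of claims 1, 5 and 12, modelled as an added example that is not part of the patent text. The class and function names, the lockout threshold of 5, the reserve of 1 attempt and the counter reset on a successful logon are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class InternalAuth:
    """Constructed stand-in for the internal authentication system."""
    passwords: dict
    threshold: int = 5                      # assumed lockout threshold
    failures: dict = field(default_factory=dict)

    def attempts_left(self, user):
        # The "number of invalid attempts left" that claims 5, 9 and 15 query.
        return self.threshold - self.failures.get(user, 0)

    def authenticate(self, user, password):
        if self.attempts_left(user) <= 0:   # account is locked out
            return False
        if self.passwords.get(user) == password:
            self.failures[user] = 0         # assumed: success resets the counter
            return True
        self.failures[user] = self.failures.get(user, 0) + 1
        return False

class FrontEnd:
    """External-facing front-end: forwards only when a failure cannot cause lockout."""
    def __init__(self, backend, reserve=1):
        self.backend = backend
        self.reserve = reserve              # assumed: attempts kept for internal logons
        self.forwarded = 0

    def login(self, user, password):
        if self.backend.attempts_left(user) <= self.reserve:
            return "error"                  # risk of lockout: credential not forwarded
        self.forwarded += 1
        return "ok" if self.backend.authenticate(user, password) else "error"

def simulate_guessing(n_guesses=20):
    backend = InternalAuth({"alice": "correct horse"})   # constructed account
    fe = FrontEnd(backend)
    for i in range(n_guesses):              # external password guessing
        fe.login("alice", f"guess{i}")
    return {
        "forwarded_guesses": fe.forwarded,
        "locked": backend.attempts_left("alice") <= 0,
        # A valid external credential is also refused while the account is at risk.
        "external_while_at_risk": fe.login("alice", "correct horse"),
        # A logon made directly against the internal system still succeeds.
        "internal_logon": backend.authenticate("alice", "correct horse"),
        "external_after_reset": fe.login("alice", "correct horse"),
    }
```

The simulation shows the trade-off in the claimed design: external guessing can never exhaust the counter, but a legitimate external user is refused until the counter recovers.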
August 7, 2012